From 303606b7cebab524bd420859c985d4d3cc7ccd62 Mon Sep 17 00:00:00 2001
From: Christian Grothoff
Date: Wed, 14 Feb 2024 15:27:22 +0100
Subject: add logic to handle redirection with authentication failure status

---
src/kyclogic/plugin_kyclogic_oauth2.c | 74 ++++++++++++++++++++++++++++++-----
1 file changed, 64 insertions(+), 10 deletions(-)
(limited to 'src/kyclogic')

diff --git a/src/kyclogic/plugin_kyclogic_oauth2.c b/src/kyclogic/plugin_kyclogic_oauth2.c
index 250875cd2..6ffa55d5f 100644
--- a/src/kyclogic/plugin_kyclogic_oauth2.c
+++ b/src/kyclogic/plugin_kyclogic_oauth2.c
@@ -1426,23 +1426,76 @@ oauth2_proof (void *cls,
 "code");
 if (NULL == code)
 {
+ const char *err;
+ const char *desc;
+ const char *euri;
 json_t *body;
- GNUNET_break_op (0);
- ph->status = TALER_KYCLOGIC_STATUS_USER_PENDING;
- ph->http_status = MHD_HTTP_BAD_REQUEST;
+ err = MHD_lookup_connection_value (connection,
+ MHD_GET_ARGUMENT_KIND,
+ "error");
+ if (NULL == err)
+ {
+ GNUNET_break_op (0);
+ ph->status = TALER_KYCLOGIC_STATUS_USER_PENDING;
+ ph->http_status = MHD_HTTP_BAD_REQUEST;
+ body = GNUNET_JSON_PACK (
+ GNUNET_JSON_pack_bool ("debug",
+ ph->pd->debug_mode),
+ GNUNET_JSON_pack_string ("message",
+ "'code' parameter malformed"),
+ TALER_JSON_pack_ec (
+ TALER_EC_GENERIC_PARAMETER_MALFORMED));
+ GNUNET_break (
+ GNUNET_SYSERR !=
+ TALER_TEMPLATING_build (ph->connection,
+ &ph->http_status,
+ "oauth2-bad-request",
+ NULL,
+ NULL,
+ body,
+ &ph->response));
+ json_decref (body);
+ ph->task = GNUNET_SCHEDULER_add_now (&return_proof_response,
+ ph);
+ return ph;
+ }
+ desc = MHD_lookup_connection_value (connection,
+ MHD_GET_ARGUMENT_KIND,
+ "error_description");
+ euri = MHD_lookup_connection_value (connection,
+ MHD_GET_ARGUMENT_KIND,
+ "error_uri");
+ GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
+ "OAuth2 process %llu failed with error `%s'\n",
+ (unsigned long long) process_row,
+ err);
+ if (0 == strcmp (err,
+ "server_error"))
+ ph->status = TALER_KYCLOGIC_STATUS_PROVIDER_FAILED;
+ else if (0 == strcmp (err,
+ "unauthorized_client"))
+ ph->status = TALER_KYCLOGIC_STATUS_FAILED;
+ else if (0 == strcmp (err,
+ "temporarily_unavailable"))
+ ph->status = TALER_KYCLOGIC_STATUS_PENDING;
+ else
+ ph->status = TALER_KYCLOGIC_STATUS_INTERNAL_ERROR;
+ ph->http_status = MHD_HTTP_FORBIDDEN;
 body = GNUNET_JSON_PACK (
- GNUNET_JSON_pack_bool ("debug",
- ph->pd->debug_mode),
- GNUNET_JSON_pack_string ("message",
- "'code' parameter malformed"),
- TALER_JSON_pack_ec (
- TALER_EC_GENERIC_PARAMETER_MALFORMED));
+ GNUNET_JSON_pack_string ("error",
+ err),
+ GNUNET_JSON_pack_allow_null (
+ GNUNET_JSON_pack_string ("error_details",
+ desc)),
+ GNUNET_JSON_pack_allow_null (
+ GNUNET_JSON_pack_string ("error_uri",
+ euri)));
 GNUNET_break (
 GNUNET_SYSERR !=
 TALER_TEMPLATING_build (ph->connection,
 &ph->http_status,
- "oauth2-bad-request",
+ "oauth2-authentication-failure",
 NULL,
 NULL,
 body,
@@ -1451,6 +1504,7 @@ oauth2_proof (void *cls,
 ph->task = GNUNET_SCHEDULER_add_now (&return_proof_response,
 ph);
 return ph;
+ }
 ph->eh = curl_easy_init ();
-- 
cgit v1.2.3
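Review bot: The `error`, `error_description` and `error_uri` values packed into the template body are taken verbatim from the callback's query string, and nothing in the hunk ties them to anything the provider actually sent, so the rendered `oauth2-authentication-failure` page echoes whatever the requester put in the URL; unless the template is known to escape its values and to never emit `error_uri` as a link, `euri` should be checked to be an `http://`/`https://` URL (or left out) before `GNUNET_JSON_pack_string ("error_uri", euri)`. The status mapping also drops `access_denied`, the RFC 6749 code for a user declining consent, into the `else` arm as `TALER_KYCLOGIC_STATUS_INTERNAL_ERROR`, which seems to mislabel an expected user outcome; an arm such as `else if (0 == strcmp (err, "access_denied")) ph->status = TALER_KYCLOGIC_STATUS_FAILED;` would be more accurate if that is the intended semantics. Because the mapping is not self-explanatory, a comment like `/* map the RFC 6749 error code from the redirect to a KYC process state; unknown codes are reported as internal errors */` above the `strcmp` chain would help the next reader. oauth2_proof starts before and ends after this hunk, so whether the caller persists `ph->status` from this unauthenticated error path cannot be confirmed here and is worth checking.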